Wednesday WIN (2012-Aug-08)

Win? Apparently Gangnam Style is win.

PSY – GANGNAM STYLE (강남스타일) M/V

**August Reading Challenge – You CAN judge a book by it’s cover! **

The Aussie Readers group on Goodreads has the August Challenge – You CAN judge a book by it’s cover!;

This month, your challenge is to read a book or books that you judge SOLELY by their cover! When you have chosen your books, put the covers in this thread, to entice others, and show off your choices:)

Continue reading ‘**August Reading Challenge – You CAN judge a book by it’s cover! **’

**July Reading Challenge – Horror/Dark Thriller – 2012**

The Aussie Readers group on Goodreads has the July Challenge – Horror/Dark Thriller;

For those of you who enjoy a good horror or dark thriller, this is right up your alley! But those of you who don’t read this genre, dare yourself to read at least one for our middle month of winter! This cold, dreary month is a good excuse to rug up by the fire, and devour a good horror story!
Dig deep to read one of our challenge books this month…..and ENJOY!!

( This month ties into the Winter Challenge – 10. Read a horror/murder/thriller, something that sends CHILLS down your spine!! OR Snuggle up with a COZY mystery… )

Looks like I have failed pretty badly on this challenge I will still go ahead and read a Horror/Dark Thriller for the Winter Challenge.

Time to get off the iCloud

Mat Honan’s hacking tale shed some light into some pretty ugly areas of Apple iCloud account management services, and tech support processes that are not up to scratch.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
– How Apple and Amazon Security Flaws Led to My Epic Hacking (2012-Aug-06) Mat Honan [Wired]

The most concerning is the Apple’s tech support;

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.
– How Apple and Amazon Security Flaws Led to My Epic Hacking (2012-Aug-06) Mat Honan [Wired]

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud. — How Apple and Amazon Security Flaws Led to My Epic Hacking (2012-Aug-06) Mat Honan [Wired]

Why has Apple considered the last 4 digits, which are public available via many scenarios, enough of an identification to be authoritative? Amazon have changed their process overnight so that they are no longer a part of the equation, but these last 4 digits are available from many other sources (check one of your EFT receipts) and as such should not be considered as a secure form of identification.

After reading through this, and if you have an iCloud account … why are you still using it?

Related:

* Google: Getting started with 2-step verification [Google]
You’ll first need to set up your phone number to receive codes via SMS text message or voice call. If you have a smartphone, you can later download an app that allows you to generate codes without text messages and even without cell service.

* Secure your digital self: auditing your cloud identity (2012-Aug-07) [arstechnica]
Honan’s experience and the recent security breach at Dropbox are just the most recent examples of what can happen when our digital identities are too closely entwined. While you can’t make your cloud providers more secure, there are things you can do to make yourself less vulnerable to these kinds of hacks, or at least to limit the damage that can be done if one is exposed. Here’s how to do a self-audit of your identity in the cloud to find and fix potential problems.

* Amazon Quietly Closes Security Hole After Journalist’s Devastating Hack (2012-Aug-07) [Wired]
Amazon changed its customer privacy policies on Monday, closing security gaps that were exploited in the identity hacking of Wired reporter Mat Honan on Friday.